Saturday, April 21, 2018

Reinforcing the points made in yesterday's Privacy Foundation seminar. Authorized employees are a substantial risk! “Became Aware” is not the same as “Discovered.” Likely someone told them what was happening. Interesting again that they offer Identity Protection to all of their clients.
From their press release:
SunTrust Banks, Inc. (NYSE: STI) is now offering Identity Protection for all current and new consumer clients at no cost on an ongoing basis. Experian IDnotify™ will be provided to those who sign up for the service.
SunTrust cares deeply about the privacy and security of client information. The company became aware of potential theft by a former employee of information from some of its contact lists. Although the investigation is ongoing, SunTrust is proactively notifying approximately 1.5 million clients that certain information, such as name, address, phone number and certain account balances may have been exposed. The contact lists did not include personally identifying information, such as social security number, account number, PIN, User ID, password, or driver’s license information. SunTrust is also working with outside experts and coordinating with law enforcement.
[…]
Read the full press release here.




More resources for my Computer Security students.




...and a tool for Privacy.




Interesting arguments?
Government hacking tactics questioned at OURSA
Jennifer Granick, surveillance and cybersecurity counsel at the American Civil Liberties Union, took the stage at OURSA on Tuesday to discuss the state of modern surveillance and hacking performed by the U.S. government, arguing that both cross the line of traditional legal searches.
"Increasingly, modern surveillance is mass surveillance," Granick said. "We used to target people for surveillance because of their political opinions or their religion or their race. Now the mainstream is being surveilled."
… The U.S. doesn't currently have specific hacking laws, though the U.S. government uses hacking for law enforcement and intelligence operations. Instead, noted Granick, the U.S. relies on the same legal process for hacking that it does for regular searches – the warrant. While warrants are crucial, they don't cover enough ground.
"Government hacking is different from regular searches in five particular ways that the warrant requirement can't really address," Granick said.
Those ways include the amount of data being collected; the invasiveness of the techniques the government uses to hack and surveil, such as turning on the cameras and microphones on personal laptops and smart devices; and, the falsification of data.
… "If this information is being collected for criminal prosecution purposes, how can we know that the very act of accessing the computer hasn't changed the information that's there in ways that impinge upon the defendants' rights?" Granick posed. "How can the defense test that theory and see that the evidence is not altered in any way if the government insists on keeping the exploit and the vulnerability secret? It interferes with the due process rights of the defendant in the criminal justice system."
The fourth way in which government hacking is out-of-scope with regular search warrants is the potential cybersecurity harms.




Fodder for my IT Management class.
Wells Fargo Fined $1B for Mortgage, Auto Lending Abuses
Wells Fargo will pay $1 billion to federal regulators to settle charges tied to misconduct at its mortgage and auto lending business, the latest punishment levied against the banking giant for widespread customer abuses.
… Starting in September 2016, Wells has admitted to a number of abusive practices across multiple parts of its business that duped consumers out of millions of dollars. Regulators, in turn, have fined Wells several times and put unprecedented restrictions on its ability to do business, including forcing the bank to replace directors on its board
… In Friday's announcement, the CFPB and the OCC penalized Wells for improperly charging fees to borrowers who wanted to lock in an interest rate on a pending mortgage loan and for sticking auto loan customers with insurance policies they didn't want or need. The bank admitted that tens of thousands of customers who could not afford the combined auto loan and extra insurance payment fell behind on their payments and had their cars repossessed.
These abuses are separate from Wells Fargo's well-known sales practices scandal, where employees opened as many as 3.5 million bank and credit card accounts without getting customers' authorization. The account scandal torpedoed Wells Fargo's reputation as the nation's best-run bank.




Helping my students select a major.
A.I. Researchers Are Making More Than $1 Million, Even at a Nonprofit
One of the poorest-kept secrets in Silicon Valley has been the huge salaries and bonuses that experts in artificial intelligence can command. Now, a little-noticed tax filing by a research lab called OpenAI has made some of those eye-popping figures public.
OpenAI paid its top researcher, Ilya Sutskever, more than $1.9 million in 2016. It paid another leading researcher, Ian Goodfellow, more than $800,000 — even though he was not hired until March of that year. Both were recruited from Google.
A third big name in the field, the roboticist Pieter Abbeel, made $425,000, though he did not join until June 2016, after taking a leave from his job as a professor at the University of California, Berkeley. Those figures all include signing bonuses.

